Remove the intermediate buffer in serv_puts()

[citadel.git] / webcit / webcit.c

diff --git a/webcit/webcit.c b/webcit/webcit.c
index 36c4fe8f7c19027c2c7a8d418c694ef629c6801e..0368e6429cc27bfde7db3f3c00b6a7425906ad39 100644 (file)
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
@@ -1200,14 +1200,28 @@ void session_loop(struct httprequest *req)
                else 
                {
                        lprintf(9, "Suspicious request. Ignoring.");
-                       wprintf("HTTP/1.1 404 Not found. Don't try to Trick me DUDE!\r\n");
+                       wprintf("HTTP/1.1 404 Security check failed\r\n");
                        wprintf("Content-Type: text/plain\r\n");
                        wprintf("\r\n");
-                       wprintf("Not found. Don't play games on me!\r\n");
+                       wprintf("Security check failed.\r\n");
                }
                goto SKIP_ALL_THIS_CRAP;        /* Don't try to connect */
        }
 
+       /* If the client sent a nonce that is incorrect, kill the request. */
+       if (strlen(bstr("nonce")) > 0) {
+               lprintf(9, "Comparing supplied nonce %s to session nonce %ld\n", 
+                       bstr("nonce"), WC->nonce);
+               if (atoi(bstr("nonce")) != WC->nonce) {
+                       lprintf(9, "Ignoring request with mismatched nonce.\n");
+                       wprintf("HTTP/1.1 404 Security check failed\r\n");
+                       wprintf("Content-Type: text/plain\r\n");
+                       wprintf("\r\n");
+                       wprintf("Security check failed.\r\n");
+                       goto SKIP_ALL_THIS_CRAP;
+               }
+       }
+
        /**
         * If we're not connected to a Citadel server, try to hook up the
         * connection now.